Re: off-by-one error in ip_fragment, recently.

From: Andre Oppermann <andre_at_freebsd.org>
Date: Sun, 11 Jan 2004 00:15:15 +0100
David Gilbert wrote:
> 
> I just updated a machine that uses GRE to -CURRENT.  Upon rebooting,
> the debugger stopped at the following:
> 
> "panic: m_copym, offset > size of mbuf chain"

There are two possible ways this can happen:  The function m_copym
was called with off == 0, or off == m->m_len.  Neither is supposed
to happen (obviously) so the bug must be in ip_fragment.  Let's have
a look at that next...

> panic()
> m_copym()
> ip_fragment()
> ip_output()
> gre_output()
> ip_output()
> udp_output()
> upd_send()
> sosend()
> kern_sendit()
> sendit()
> sendto()
> syscall()
> xint0x80_syscall()
> 
> ... now I'm not sure that the error is perfectly technically
> off-by-one, but it's something similar.

Is this panic reproducible?  What kind of traffic was going on
at that time?  Or was it right away when you started using the
GRE tunnel?

Could you please open a PR with this information too?  It helps
keep track of the progress.

-- 
Andre
Received on Sat Jan 10 2004 - 14:15:20 UTC
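An added example, not code from the thread or from FreeBSD: a simplified model of the precondition behind the "m_copym, offset > size of mbuf chain" assertion, plus a fragment planner that validates every (off, len) request before it would reach a copy routine. The struct, the chain walk and the planner are constructed for illustration and only approximate the kernel's mbuf handling.

```c
#include <stddef.h>
/* Constructed stand-in for an mbuf chain (a model for this example only). */
struct mb { int m_len; struct mb *m_next; };

/* Total number of bytes held by the chain. */
static int chain_len(const struct mb *m)
{
    int n = 0;
    for (; m != NULL; m = m->m_next) n += m->m_len;
    return n;
}

/* Check a copy request (off, len) the way m_copym's precondition does:
 * consume 'off' bytes walking the chain, then make sure 'len' bytes remain.
 * Returns 0 if in bounds, -1 where the kernel would assert
 * ("offset > size of mbuf chain", or running off the end while copying). */
static int copy_range_ok(const struct mb *m, int off, int len)
{
    if (off < 0 || len < 0) return -1;
    while (off > 0) {
        if (m == NULL) return -1;        /* offset > size of mbuf chain */
        if (off < m->m_len) break;
        off -= m->m_len;
        m = m->m_next;
    }
    while (len > 0) {
        if (m == NULL) return -1;        /* length > size of mbuf chain */
        len -= m->m_len - off;
        off = 0;
        m = m->m_next;
    }
    return 0;
}

/* Plan IP-style fragments: skip 'hlen' header bytes, then cut the payload
 * into pieces of at most 'fragsz' bytes, validating each (off, len) before
 * it would reach a copy routine. Returns the fragment count, or -1 on the
 * first out-of-range request (the case that panics in the trace above). */
static int fragment_plan_ok(const struct mb *m, int hlen, int fragsz)
{
    int total = chain_len(m), count = 0, off, len;
    if (fragsz <= 0 || hlen < 0 || hlen > total) return -1;
    for (off = hlen; off < total; off += fragsz) {
        len = (total - off < fragsz) ? total - off : fragsz;
        if (copy_range_ok(m, off, len) != 0) return -1;
        count++;
    }
    return count;
}
```

Note that an offset exactly equal to the chain length with a zero length passes the walk; only an offset strictly past the end trips the first check.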